Federal Trade Commission: Personnel and Policies in Flux
On February 12, 2025, the Department of Justice announced it would stop defending for-cause removal protections that preserve the FTC’s (and other federal agencies’) status as independent, a decision that could enable the president to remove the two remaining Democratic commissioners, Alvaro Bedoya and Rebecca Kelly Slaughter. According to reports, the acting solicitor general, Sarah Harris, wrote a letter to Sen. Dick Durbin, ranking Democrat of the Senate Judiciary Committee, arguing that statutory tenure protections for independent agencies that rely on the Supreme Court’s 1935 ruling in Humphrey’s Executor v. United States, were “unconstitutional.” On February 14, Axios reported that FTC Chairman Andrew Ferguson supported the Solicitor General’s letter, “putting the Commissioners on notice” that they could be fired.
At the staff level, since our last update, the FTC has seen notable leadership changes and policy shifts. On February 4, 2025, FTC Chairman Ferguson appointed Christopher Mufarrige as the new director of the Bureau of Consumer Protection, replacing the former director, Sam Levine, and signaling potential changes in the agency’s enforcement priorities. Mufarrige previously served as an attorney advisor at the CFPB and more recently within the FTC with Commissioner Melissa Holyoak. All four commissioners approved this appointment. Given his background, we expect Mufarrige to walk back Levine’s activist use of the agency’s unfairness authority, particularly in the context of artificial intelligence (AI), focusing instead on more traditional notions of Section 5 deception.
Indeed, these personnel changes come amid ongoing discussions about the FTC’s role in regulating the tech industry, including remarks by Commissioner Holyoak at the Global Competition Review event on January 30, where she emphasized new priorities pertaining to privacy and AI. First, the commissioner cautioned against regulatory zeal that could stifle innovation in AI. In her words, she warned “we must avoid slowing innovation in artificial intelligence through misguided enforcement actions. While the technology is still nascent, it is critically important to America’s economic and national security. The Commission needs to be circumspect when policing AI.” Criticizing former leadership at the agency, Holyoak noted, “Our focus should be on stopping fraudulent conduct and developing further our understanding of this industry, not seeking to stretch our statutory authorities.” She added that “the Biden FTC took actions that further dampened firms’ incentives to innovate in AI.” This echoes the position of the new chairman, Andrew Ferguson, which we covered in our first installment. Second, Commissioner Holyoak announced that the FTC “must fight against Big Tech censorship.” She expressed concerns over dominant social media companies allegedly suppressing certain viewpoints and speakers. She has previously issued statements on this issue, indicating that tackling content moderation endeavors by organizations may be an area where the Commission could leverage its unfairness authority.
Commissioner Holyoak expanded on privacy and AI concerns during another appearance at the American Bar Association’s Antitrust Data Privacy Conference held on February 6, where she emphasized the agency’s prioritization of “enforcing fraudulent practices rather than speculative harms.” This could indicate that the Commission would reduce its footprint on Section 5 unfairness authority in this context, which was significantly expanded under Lina Khan’s leadership. Commissioner Holyoak also pointed to the Avast settlement from 2024 as an example of what she views as overbroad algorithmic disgorgement, saying that the Commission will wield a “scalpel” rather than a “machete” when deploying this remedy against AI models that were trained using data collected unfairly or deceptively from consumers.
Finally, we note that the FTC’s much-anticipated amendments to the COPPA rule, which the agency approved on January 16, 2025 — albeit with several reservations by (now) Chairman Ferguson, which we covered here — appear to still be on ice. The regulatory stopwatch to implementation starts ticking when a new rule is published in the Federal Register, which the new COPPA rule has yet to be.
Consumer Financial Protection Bureau: Future Uncertain
Meanwhile, the CFPB has faced significant upheaval in recent weeks. Director Rohit Chopra was dismissed and replaced by Jonathan McKernan, moving over from the Federal Deposit Insurance Corporation (FDIC). On January 10, 2025, Acting Director Russell Vought (widely known as the architect of Project 2025), who is the new head of the Office of Management and Budget (OMB), directed the CFPB’s 1,700 employees to cease all work, effectively halting any ongoing activity and prompting resignations in protest by a number of high-level leaders at the agency.
Financial institutions and businesses should not view the agency’s halt as a free pass for noncompliance, however, because existing consumer protection and consent orders, as of now, remain in effect. While uncertainty now engulfs the CFPB’s recently passed Rule on Personal Financial Data Rights, observers believe the rule may yet survive or be revised, short of being fully repealed.
The Lights Stay on in State Capitals
As with other tech policy issues, states may take up the consumer financial protection mantle in the wake of the weakening of the federal body with a mandate to regulate the area. In its final days under the Biden administration, the CFPB issued a report urging states to take a more active role in consumer protection by banning “abusive practices” (i.e., junk fees), creating CFPB-style civil penalty funds within states, addressing deceptive digital marketing, and more.
This would reflect an already changing tide in the regulatory scheme as state laws and enforcement in privacy, cybersecurity, AI, and consumer protection at large continue to expand across the country.
At the same time, don’t expect the federal conversation on privacy to wane entirely. For instance, Representative Brett Guthrie is pushing for a “clean sheet” approach to federal privacy legislation, arguing that previous regulatory frameworks are outdated and inadequate to address modern data protection challenges. Senators Brian Schatz and Ted Cruz, meanwhile, are backing new bipartisan legislation aimed at strengthening online protections for children, reflecting a sectoral push for stricter digital privacy measures.
Privacy and Civil Liberties Oversight Board: Democrats Out, Uncertainty In
Yet another agency that experienced the changing tides in Washington, DC, is the PCLOB. On January 27, the president removed all three Democratic members from the Board, leaving it sub-quorum and largely reining in its operations. According to remaining board member Beth Williams during her remarks at the State of the Net conference in Washington, DC, on February 11, the PCLOB, established in 2007 with the mandate of overseeing government surveillance programs, is now stunted in its ability to take action or issue new projects but can still issue staff reports on previously approved projects. Similarly to Commissioner Holyoak, Williams addressed concerns about “censorship” in this case, stating that the board will prioritize tackling government “censorship under the guise of national security” through looking at evidence of governments pressuring social media companies to “counter speech” labeled as mis-, dis-, or mal-information. Additionally, Williams described that oversight and guidance of the implementation of the EU-US Data Privacy Framework will continue to be a priority. The EU has yet to weigh in on whether the removals and status quo of a sub-quorum PCLOB will change its determination of adequacy that gave rise to the EU-US Data Privacy Framework. Businesses are closely watching any developments on that front, given that unraveling the heavily negotiated adequacy status could significantly affect their ability to conduct cross-border data transfers across the Atlantic.
AI Action Plan: A Call for New Ideas
The Trump administration is seeking public input on a new AI Action Plan. On February 6, the White House Office of Science & Technology Policy (OSTP) and the National Science Foundation (NSF) issued a Request for Information (RFI) asking stakeholders to provide feedback on 20 AI policy topics covering a broad swath of areas, including data centers, model development, data privacy, security, IP, and governance, inter alia. This initiative follows Executive Order 14179, “Removing Barriers to American Leadership in Artificial Intelligence,” which outlines its aims to prioritize economic competitiveness and national security while fostering AI innovation. Public comments on the AI Action Plan are due by March 15, 2025, with the finalized AI Action Plan due to be submitted to the president by October 2025.
This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee similar outcomes.